2-Day Instructor-Led Programme
A practitioner-led deep dive into the 12 most active nation-state threat groups across Russia, China, Iran, and North Korea, covering their tools, targets, doctrine, and 2025-2026 campaign activity. Develop the profiling skills to prioritise defences by specific actor, produce threat briefings for leadership, and apply MITRE ATT&CK group profiles operationally.
Duration: 2 Days
Price: $2,195
Not all cyber threats are equal, and not all nation-state actors are the same. Understanding which threat group is most likely to target your sector, with which specific toolset, at which stage of the geopolitical cycle, is the foundation of effective defence prioritisation. This two-day programme provides a structured, practitioner-built profile of the 12 most active nation-state threat groups across Russia, China, Iran, and North Korea.
Through mentor-led case study sessions, participants examine the distinct operational doctrines of each adversary nation, map their tools and infrastructure to specific targeting patterns, and apply that knowledge directly to their own sector's exposure. Case studies from 2025 and 2026 campaigns bring each profile to life, and the day two attribution exercise develops the analytical skill to link indicators of compromise to specific actor groups under time pressure.
By the close of day two, participants will have produced a structured threat actor briefing for non-technical leadership and completed an IoC-to-actor attribution exercise using a real campaign dataset. This course is aligned with MITRE ATT&CK group profiles, NCSC threat reporting, and intelligence community analytical standards.
IoC-to-actor attribution practical using real campaign datasets, MITRE ATT&CK group profile navigation exercises, and a structured threat actor briefing production exercise for a non-technical leadership audience.
Practitioner-facilitated deep-dive analysis of each major threat actor group with live commentary on 2025-2026 campaign activity, current targeting patterns, and sector-specific defensive implications.
Threat actor profiling methodology, MITRE ATT&CK group navigation, IoC attribution skills, Diamond Model intrusion analysis, and leadership briefing of threat actor risk.
Profile the 12 most active nation-state threat groups by tools, infrastructure, targeting, and operational doctrine.
Distinguish between Russian, Chinese, Iranian, and North Korean cyber operational objectives and methodologies.
Apply threat actor knowledge to prioritise defensive measures appropriate to your specific sector.
Use MITRE ATT&CK group profiles to map actor-specific techniques to detection engineering requirements.
Attribute a campaign from a set of indicators of compromise using structured analytical methodology.
Produce a threat actor briefing for non-technical leadership audiences at professional standard.
Assess the current 2025-2026 campaign landscape and its specific relevance to your organisation.
Basic understanding of cybersecurity concepts including malware, phishing, and network security fundamentals.
Some professional experience in a cybersecurity operations, security management, or intelligence role.
Completion of Cyber Warfare Foundations (X-CWF-F) or equivalent landscape awareness recommended.
Choose the learning format that works best for you and your team
Instructor-Led Training
Join live instructor-led sessions from anywhere. Interactive, engaging, and flexible.
Price per person
Group enrolments and early planning options available.
All prices are exclusive of VAT where applicable. Group enrolments and custom packages available on request.
Not everyone learns best in a group. If you want focused guidance, faster clarity, and confidence you can use on the job, our 1-to-1 Fast-Track Training gives you private, mentor-led support tailored to your experience and goals.
"Many learners choose 1-to-1 when they want understanding, not memorisation."
Everything you need to know about the certification exams
You will receive an Xcademia certificate of completion based on participation and successful completion of labs and scenario simulations.
Everything you need to know about this course
SOC analysts, threat intelligence analysts, security managers, and government security teams who need to understand specific nation-state adversaries and apply that knowledge operationally in their defensive work.